
Funny URLs in inkjet spam


rconner

See Tracking Link

The message contains URLs that seem to be completely broken, yet Apple Mail was able to get them to resolve. Could have something to do with translating from UTF-8 to US-ASCII (the URLs contain lots of 8-bit characters). I used tcpdump to watch my browser's conversation with DNS and saw that it had basically stripped out all the 8-bit characters, and somehow magically converted commas to dots.

Someday when I have leisure time I'm going to have to look into this, it's a kind of obfuscation I've not seen in a month of Sundays.

-- rick


Presumably resolved by IE8 as well but I can't test that. You certainly get some interesting mail Rick - sent from Chile (don't know what it's like now but once every second PC in the land seemed to be "owned"), links to a Ukrainian-registered, Romanian-hosted website which doesn't seem to do any regular business at all.


Many browsers when faced with a URL like that will automatically insert ".com", then try .net and .org if the .com fails to resolve.

In Opera you can turn that off. Haven't found out how to do that in Firefox without an add-on.

But it appears to be a sneaky trick to get the spam to work while busting Spamcop's parser.

Cheers!
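
Added example, not part of any post in this thread: a Python check a mail filter could run on extracted URLs to flag hosts that only become resolvable after the lenient handling reported above. The transformation (drop 8-bit characters, treat commas as dots, append .com/.net/.org to a bare label) is an assumption taken from the posters' observations, and the function names and sample URLs are constructed.

```python
import re

_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
_SUFFIXES = (".com", ".net", ".org")  # fallback order mentioned in the thread

def raw_host(url):
    """Return the host exactly as written in the message, or None."""
    m = _AUTHORITY.match(url)
    if not m:
        return None
    host = m.group(1).rsplit("@", 1)[-1]   # drop any userinfo
    return re.sub(r":\d*$", "", host)      # drop any port

def lenient_candidates(host):
    """Names a forgiving client might look up (assumed behaviour, see lead-in)."""
    ascii_only = "".join(ch for ch in host if ord(ch) < 128)
    labels = [p for p in ascii_only.replace(",", ".").lower().split(".") if p]
    if not labels or not all(_LABEL.match(p) for p in labels):
        return []
    name = ".".join(labels)
    # A single bare label is where the suffix guessing would kick in.
    return [name + s for s in _SUFFIXES] if len(labels) == 1 else [name]

def inspect_url(url):
    """Flag hosts carrying 8-bit characters or commas and list lookup candidates."""
    host = raw_host(url)
    if host is None:
        return {"host": None, "flags": [], "candidates": []}
    flags = []
    if any(ord(ch) > 127 for ch in host):
        flags.append("8bit-in-host")   # also true of genuine IDNs: a hint only
    if "," in host:
        flags.append("comma-in-host")
    return {"host": host, "flags": flags,
            "candidates": lenient_candidates(host) if flags else []}

# Constructed sample URLs (not taken from the spam discussed here).
SAMPLES = [
    "http://w\u00e9ww,ex\u00f1ample,c\u00fcom/x",
    "http://ex\u00e5ample/",
    "http://www.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(ascii(u), inspect_url(u))
```

A filter would then check the candidate names, not the host as written, against its blocklists.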
